Fake Disney App Harvests Info; Pirated Jay-Z App Takes Over Phones

Our Appthority App Risk Management Service discovered a fake Disney app last week that was included in PCMag’s Mobile Threat Monday by Fahmida Rashid. The app called “Disney Infinity Game Info” is not from our beloved mouse-eared company, but from a developer going by the name of “Sooner Nation Software.” The app hijacked the popular brand (Disney) to bait users into installing it. But when the app is closed, it periodically takes control of the screen to promote links to other apps. The fake Disney app also harvests private information and shares it with numerous ad networks. Parents should beware, as most kids don’t read terms and conditions, and might be drawn in by the respectable Disney name.

Also spotted this past week was a fake copy of Jay-Z’s new Magna Carta album spreading an anti-government speech. CNET’s Rich Trenholm covered the story saying, “Android phones have come under attack from malware masquerading as Jay-Z’s Magna Carta Holy Grail, targeting rap fans seeking to get the album on their Samsung Galaxy phone.” The Android Trojan is hidden in a dodgy copy of the app for Jay-Z’s latest album, which was released early to selected owners of the Samsung Galaxy S4, Galaxy S3 and Note 2.

On the surface, the fake Jay-Z app is nearly identical to the real thing. However, in the background, it sends data to an external server every time the phone restarts, and attempts to download and install additional packages. The piece of malware contains a built-in timer that was set to activate on Independence Day, replacing users’ wallpaper with a satirical image of President Obama and the tagline “Yes we scan,” a reference to the current controversy surrounding government surveillance.

Thoughts or comments on this week’s news? Reach the Appthority team on Twitter at @Appthority.